CGW – DHCP Server Configuration

1. Introduction

Exium places a small piece of software called Cyber Gateway (CGW) adjacent to the internal applications running in a public cloud, data center, or on-premises server. Deployed as a VM or on bare metal, the CGW extends a highly secure Zero Trust Path out to the Intelligent Cybersecurity Mesh.

Its deployment is required for Secure Private Access and SD-WAN services. Please refer to the SPA Guide for details.

CGWs can co-host a DHCP server to assign IP addresses to the devices inside an office or workplace. The CGW acts as the default gateway for all devices that obtain an IP address from the DHCP server hosted on the CGW machine.

Like CGWs, the DHCP server can also be configured in HA mode to provide uninterrupted service to devices seeking IP allocation and management.

2. Deployment Instructions

Pre-requisites

  1. Minimum 1 CGW or 2 CGWs in HA mode
  2. For configuration – IP subnet to be managed by DHCP server
  3. For configuration – Default gateway IP which will be installed and managed by CGW application
  4. For configuration – DNS servers IP addresses
  5. For configuration – Domain names of the DHCP servers or the CGW machines

Steps to configure DHCP server

The CGW application comes with the DHCP server installation; there is no need to install it manually.

DHCP server configuration with HA

This section assumes the CGW is already deployed in HA mode and that the VRRP or floating IP is already configured and available on the Active node.

  • Run “sudo xlgateway status” on the CGW nodes to confirm that the state is Active and the service is connected.
  • Check the “ip addr” output to verify that the VRRP IP is installed on the LAN interface.

Follow these steps to configure the DHCP server on CGW machines in HA mode:

CGW Primary Node – DHCP Server Primary Node

  • Log in to the CGW Primary node
    • Make sure the CGW LAN IP is configured statically in the netplan configuration.
  • Modify the netplan configuration and make a static entry for the CGW LAN interface
    • Apply the netplan configuration
  • Execute the command below to download the utility to set up the DHCP server
curl -s https://clientreleases.s3.us-west-1.amazonaws.com/cgw/xdhcp_setup.sh | sudo bash
  • Open the user input or setup configuration file using an editor. Configure all parameters with valid entries. Refer to the ‘Appendix’ section for a sample configuration.
cd /usr/local/bin/

vim config_xdhcp.ini

xdhcp-manager -n primary

CGW Secondary Node – DHCP Server Secondary Node

  • Log in to the CGW Secondary node
    • Make sure the CGW LAN IP is configured statically in the netplan configuration.
  • Modify the netplan configuration and make a static entry for the CGW LAN interface
    • Apply the netplan configuration
  • Execute the command below to download the utility to set up the DHCP server
curl -s https://clientreleases.s3.us-west-1.amazonaws.com/cgw/xdhcp_setup.sh | sudo bash
  • Open the user input or setup configuration file using an editor. Configure all parameters with valid entries. Refer to the ‘Appendix’ section for a sample configuration.
cd /usr/local/bin/

vim config_xdhcp.ini

xdhcp-manager -n secondary

DHCP server deployment without HA

If the CGW is not deployed in HA (High Availability) mode, the DHCP server can still be configured and used for devices seeking IP allocation.

  • Refer to the section “CGW Primary Node – DHCP Server Primary Node” and install and run a single instance.

Node Status

Use the command below to check the node status (primary/secondary) along with other parameters:

sudo xdhcp-manager -s show

Appendix

Sample configuration (the same configuration file or parameters can be used on both primary and secondary nodes to set up the DHCP server):

curl -s https://clientreleases.s3.us-west-1.amazonaws.com/cgw/xdhcp_setup.sh | sudo bash

root@cgw-primary:/usr/local/bin# cat config_xdhcp.ini
###########################################################
# DHCP Server Setup Configuration
###########################################################
[DOMAIN-NAME]
PRIMARY_SERVER_DOMAIN_NAME=exiumtest.net
SECONDARY_SERVER_DOMAIN_NAME=exiumtest.net

[HOSTNAME]
PRIMARY_SERVER_HOSTNAME=dhcp-primary.exiumtest.net
SECONDARY_SERVER_HOSTNAME=dhcp-secondary.exiumtest.net

[DHCP-SERVER-IP]
PRIMARY_DHCP_SERVER_IP=192.168.150.2
SECONDARY_DHCP_SERVER_IP=192.168.150.3

[IP-POOL]
RANGE_BEGIN=192.168.150.1
RANGE_END=192.168.150.254

[IP-POOL-SUBNET]
IP_SUBNET=192.168.150.0
IP_SUBNET_MASK=255.255.255.0

[IP-POOL-GATEWAY]
DEFAULT_GATEWAY_IP=192.168.150.1

[IP-POOL-DNS]
PRIMARY_DNS_IP=8.8.8.8
SECONDARY_DNS_IP=1.1.1.1

[LEASE-TIME]
DEFAULT_LEASE_TIME=86400
MAX_LEASE_TIME=604800

[DHCP-INTERFACE]
INTERFACE_NAME=enp0s8

VRRP/Floating IP or Gateway IP

192.168.150.1, which is configured above as the default gateway, must be configured as the VRRP/floating IP in the CGW HA setup configuration. If the CGW is already running in HA mode, find the VRRP/floating IP by running ‘sudo xlgateway status’ and use that IP as the default gateway in the DHCP server configuration. Do not use or configure the default gateway IP anywhere else.
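
The address rules above can be checked before xdhcp-manager is run. The following Python code is an added example, not part of the CGW tooling: it parses a config_xdhcp.ini (a constructed copy of the Appendix values is embedded) and reports when the gateway/VRRP IP or a DHCP server IP falls inside the lease pool, an address is outside the subnet, or the lease times are inconsistent. The function name check_xdhcp_config is hypothetical, and whether xdhcp-manager excludes these addresses from the pool on its own is not stated on this page.

```python
import configparser
import ipaddress

# Constructed sample mirroring the Appendix values (only the sections the checks need).
SAMPLE_INI = """
[DHCP-SERVER-IP]
PRIMARY_DHCP_SERVER_IP=192.168.150.2
SECONDARY_DHCP_SERVER_IP=192.168.150.3
[IP-POOL]
RANGE_BEGIN=192.168.150.1
RANGE_END=192.168.150.254
[IP-POOL-SUBNET]
IP_SUBNET=192.168.150.0
IP_SUBNET_MASK=255.255.255.0
[IP-POOL-GATEWAY]
DEFAULT_GATEWAY_IP=192.168.150.1
[LEASE-TIME]
DEFAULT_LEASE_TIME=86400
MAX_LEASE_TIME=604800
"""

def check_xdhcp_config(ini_text):
    """Hypothetical helper (not CGW tooling): return findings, [] if none."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    ip = ipaddress.ip_address
    subnet = cfg["IP-POOL-SUBNET"]
    net = ipaddress.ip_network(f"{subnet['IP_SUBNET']}/{subnet['IP_SUBNET_MASK']}")
    begin, end = ip(cfg["IP-POOL"]["RANGE_BEGIN"]), ip(cfg["IP-POOL"]["RANGE_END"])
    static = {  # addresses held by infrastructure, never meant to be leased
        "DEFAULT_GATEWAY_IP": ip(cfg["IP-POOL-GATEWAY"]["DEFAULT_GATEWAY_IP"]),
        "PRIMARY_DHCP_SERVER_IP": ip(cfg["DHCP-SERVER-IP"]["PRIMARY_DHCP_SERVER_IP"]),
        "SECONDARY_DHCP_SERVER_IP": ip(cfg["DHCP-SERVER-IP"]["SECONDARY_DHCP_SERVER_IP"]),
    }
    findings = []
    if begin > end:
        findings.append("RANGE_BEGIN is above RANGE_END")
    for name, addr in (("RANGE_BEGIN", begin), ("RANGE_END", end), *static.items()):
        if addr not in net:
            findings.append(f"{name} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            findings.append(f"{name} {addr} is the network or broadcast address")
    for name, addr in static.items():
        if begin <= addr <= end:  # a lease could collide with this static address
            findings.append(f"{name} {addr} lies inside the lease pool")
    lease = cfg["LEASE-TIME"]
    if int(lease["DEFAULT_LEASE_TIME"]) > int(lease["MAX_LEASE_TIME"]):
        findings.append("DEFAULT_LEASE_TIME exceeds MAX_LEASE_TIME")
    return findings
```

Run against the embedded sample, the function reports the gateway and both DHCP server addresses as lying inside the lease pool; a pool that starts above those addresses produces no findings.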

Node Status Sample

root@cgw-secondary:/usr/local/bin# xdhcp-manager -s show
#####################################
Node type: secondary
DHCP Interface: enp0s8
IP Range Start: 192.168.150.1
IP Range End: 192.168.150.254
Default Gateway: 192.168.150.1
Primary DNS IP: 8.8.8.8
Secondary DNS IP: 1.1.1.1
#####################################